Following the recent adoption of the EU-U.S. Privacy Shield adequacy decision by the European Commission, the Article 29 Working Party (Working Party) met to discuss the EU-U.S. Privacy Shield framework on July 25 and subsequently a statement was released summarizing their reaction to the EU-U.S. Privacy Shield framework agreement. While the Working Party welcomed the improvements brought by the Privacy Shield mechanism, it identified several remaining concerns regarding the commercial aspects as well as the extent of access by U.S. public authorities to data transferred from the EU. It also warned that it will give a thorough look at the operations and effectiveness of the Privacy Shield during the first planned annual joint review.

Commercial Aspects

Concerning commercial aspects, the Working Party indicated that it regrets the lack of specific rules on automated decisions, the absence of a general right to object, and the uncertainty as to the application of Privacy Shield Principles to data processors. Working Party members further announced that they will issue guidance about data controllers’ obligations under the Privacy Shield, and proactively and independently assist data subjects with exercising their rights under the Privacy Shield mechanism, in particular when filing a complaint. Furthermore, the Working Party will provide comments on the citizens’ guide on enforcing their rights and input on the composition of the to be created European centralized body to which complaints against U.S. intelligence and security services will be submitted prior to their transfer to the U.S. Ombudsman that should deal with these complaints of EU citizens.

Government Access to Data

Regarding access by U.S. public authorities to EU data transferred to the U.S. under the Privacy Shield, the Working Party commented that it had expected stricter guarantees concerning the independence and the powers of the Ombudsperson who will oversee such access. It also stated that it regretted the lack of concrete assurances that bulk (mass and indiscriminate) collection of personal data would not take place.

Annual Review

The Working Party pointed to the first joint annual review as being a key milestone for evaluating the robustness and efficiency of the Privacy Shield mechanism. During the review, the Working Party members will assess whether the remaining issues have been solved and whether the safeguards provided under the Privacy Shield are workable and effective. According to the Working Party’s statement, the results of the first joint annual review may also have implications on transfer tools such as Binding Corporate Rules and Standard Contractual Clauses if it is determined that access to EU personal data by U.S. government agencies does not meet the Working Party’s approval.

Next Steps

The Working Party’s statement increases confidence that the EU Data Protection Agencies are likely to respond favorably to U.S. companies that have opted to self-certify their adherence to the EU-U.S. Privacy Shield Principles. U.S. companies that have determined that they would benefit from self-certification should therefore feel encouraged by the Working Party’s statement to start preparing the necessary activities and documents for their applications. The U.S. Department of Commerce will begin accepting applications as of Aug. 1, 2016.

However, it is also clear that the Working Party members are not fully satisfied that the Privacy Shield meets all of the objectives that they had outlined in their comments to the February 2016 draft of the Privacy Shield. Thus, it should be expected that more questions might be raised and inquires be conducted, to ensure that these objectives are met.

The views expressed in this document are solely the views of the author and not Martindale-Hubbell. This document is intended for informational purposes only and is not legal advice or a substitute for consultation with a licensed legal professional in a particular case or circumstance.

Contact Greenberg Traurig, LLP - East Palo Alto Office

Choose Area of Practice Area of Practice is requiredFirst Name First Name is requiredLast Name Last Name is requiredE-mail Address E-mail Address is requiredInvalid E-mail Address

Describe Your Legal Matter

0/1000 characters

Describe Your Legal Matter is required

Country Country is requiredZip CodeZip Code is requiredInvalid Zip CodeCity/Town/Locality City/Town/Locality is requiredState/Province/DistrictState/Province/District is requiredPhone Number Phone Number is requiredInvalid Phone Number Preferred Contact Method

By clicking on the "Submit" button, you agree to the Terms of Use, Supplemental Terms and Privacy Policy. You also consent to be contacted at the phone number you provided, including by autodials, text messages and/or pre-recorded calls, from Martindale and its affiliates and from or on behalf of attorneys you request or contact through this site. Consent is not a condition of purchase.

You should not send any sensitive or confidential information through this site. Emails sent through this site do not create an attorney-client relationship and may not be treated as privileged or confidential. The lawyer or law firm you are contacting is not required to, and may choose not to, accept you as a client. The Internet is not necessarily secure and emails sent though this site could be intercepted or read by third parties.

CONSUMER WEBSITES

The information provided on this site is not legal advice, does not constitute a lawyer referral service, and no attorney-client or confidential relationship is or should be formed by the use of this site. The attorney listings on the site are paid attorney advertisements. Your access of/to and use of this site is subject to additional Supplemental Terms.